package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"net/http"
)

func main() {
	//caCert, err := ioutil.ReadFile("./ca/ca.cert.pem")
	//if err != nil {
	//	fmt.Println(err)
	//	return
	//}
	mcaCert, err := ioutil.ReadFile("./mca/mca.cert.pem")
	if err != nil {
		fmt.Println(err)
		return
	}

	caCertPool := x509.NewCertPool()
	//caCertPool.AppendCertsFromPEM(caCert)
	caCertPool.AppendCertsFromPEM(mcaCert)

	//URL := os.Args[1]
	URL := "https://127.0.0.1:8080"

	cert, err := tls.LoadX509KeyPair("./client/c101.cert.pem", "./client/c101.key.pem")
	client := &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{
				// 客户端证书
				Certificates: []tls.Certificate{cert},
				// client  Verify
				VerifyPeerCertificate: VerifyPeerCertificate,
				// 用于校验服务端证书的根证书
				RootCAs: caCertPool,
				// 校验服务端的域名
				ServerName: "*.cadmus.com",
				// 是否跳过对服务端证书的校验以及hostname的校验，为true跳过
				InsecureSkipVerify: false,
			},
		},
	}

	resp, err := client.Get(URL)
	if err != nil {
		fmt.Println(err)
		return
	}

	htmlData, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		fmt.Println(err)
		return
	}

	defer resp.Body.Close()
	fmt.Printf("%v\n", resp.Status)
	fmt.Println(string(htmlData))

}

// VerifyPeerCertificate 客户端的证书验证逻辑
func VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {

	return nil
}
